How to fix EUVD-2025-18403?

Within 24 hours: Identify all Liferay Portal/DXP systems in production and their versions; confirm exposure against affected version list (7.0.0-7.4.3.21, DXP 7.4 GA-U9, 7.3 GA-U25, older versions). Within 7 days: Implement network-level controls and WAF rules to detect/block suspicious parameter injection patterns; configure session timeout limits and memory monitoring alerts. Within 30 days: Evaluate upgrade path to patched Liferay version; engage vendor for patch availability; implement comprehensive request parameter validation at application layer.

Is Digital Experience Platform affected by EUVD-2025-18403?

Liferay Portal and DXP instances are vulnerable to denial-of-service attacks that exhaust server memory through malicious HTTP requests, potentially taking production systems offline.

EUVD-2025-18403

| CVE-2025-3526 HIGH

2025-06-16 [email protected]

GHSA-mf3r-6m25-3867

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 14, 2026 - 21:59 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 21:59 euvd

EUVD-2025-18403

CVE Published

Jun 16, 2025 - 15:15 nvd

HIGH 7.5

Description

SessionClicks in Liferay Portal 7.0.0 through 7.4.3.21, and Liferay DXP 7.4 GA through update 9, 7.3 GA through update 25, and older unsupported versions does not restrict the saving of request parameters in the HTTP session, which allows remote attackers to consume system memory leading to denial-of-service (DoS) conditions via crafted HTTP requests.

Analysis

A security vulnerability in Liferay Portal 7.0.0 (CVSS 7.5) that allows remote attackers. High severity vulnerability requiring prompt remediation.

Technical Context

CWE-400 (Uncontrolled Resource Consumption). CVSS 7.5 indicates high severity. Affects Liferay Portal 7.0.0.

Affected Products

['Liferay Portal 7.0.0']

Remediation

Monitor vendor channels for patch availability.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +38

POC: 0

EUVD-2025-18403 vulnerability details – vuln.today

Back

EUVD-2025-18403

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

EUVD-2025-18403

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code